Editing Ansible

[[Ansible]] is software for automate task, you can automates software provisioning, [[configuration management]], application deployment and general orchestration, ansible design is based on [[modules]], execute <code>ansible-doc -l</code> to view your available modules or check list of official modules in the documentation: https://docs.ansible.com/ansible/latest/modules/modules_by_category.html.

== Installation and Basic Configuration ==
Install Ansible binaries using yum or apt-get depending on your linux distribution, or [[pip]] on [[MacOS]] on your computer, not necessary on your managed nodes, then allows server access to your managed clients configuring automatic [[ssh]] [[key authentication]].

* macOS: <code>brew install ansible</code>
* [[Ubuntu]] (latest version): <code>sudo apt update && sudo apt install [[software-properties-common]] && sudo [[apt-add-repository]] -y [[ppa]]:ansible/ansible && sudo apt update && sudo apt install ansible -y</code><ref>https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-ansible-on-ubuntu-18-04</ref>

Following '''binaries''' will be installed:
<pre>
/usr/bin/ansible
/usr/bin/ansible-playbook

/usr/bin/ansible-config                           View, edit, and manage ansible configuration.
/usr/bin/ansible-console                          REPL console for executing Ansible tasks
/usr/bin/ansible-galaxy                           Command to manage Ansible roles in shared repostories, the default of which is Ansible Galaxy https://galaxy.ansible.com

/usr/bin/ansible-pull                             Pulls playbooks from a VCS repo and executes them for the local host        

/usr/bin/ansible-doc                              Displays information on modules installed in Ansible libraries
/usr/bin/ansible-inventory                        Used to display or dump the configured inventory as Ansible sees it

/usr/bin/ansible-connection                       -
/usr/bin/ansible-vault                            Encryption/decryption utility for Ansible data files
</pre>


=== Commands ===
* <code>[[ansible-config]] view</code>

== Configuration files ==
There are at least two configuration files in Ansible:
* <code>/etc/ansible/hosts</code><ref>http://docs.ansible.com/ansible/latest/intro_inventory.html</ref>, text configuration file for managed nodes, or ''inventory'' in Ansible terminology, in [[INI]] or [[YAML]] format.
* <code>/etc/ansible/[[/ansible.cfg/]]</code><ref>https://docs.ansible.com/ansible/latest/installation_guide/intro_configuration.html</ref><ref>https://docs.ansible.com/ansible/latest/reference_appendices/config.html#ansible-configuration-settings</ref> general configuration file.

== Inventory of managed nodes ==
https://www.digitalocean.com/community/tutorials/how-to-manage-multistage-environments-with-ansible
Inventory is defined in <code>/etc/ansible/hosts</code> file. It allows you to define your managed hosts by hostname or IP address, and group them, such as "my_webservers_group" in our example in INI format. 

Groups of groups, hierarchies, is also supported using (:children) keyword: <code>[YOUR_NEW_GROUP_OF_GROUPS:children]</code> <ref>https://www.digitalocean.com/community/tutorials/how-to-manage-multistage-environments-with-ansible</ref>

<source lang="yaml">
#This is a example of a host configuration file. You can use # to include your comments on hosts file

foo_server.example.com
192.168.6.1
bar_server.example.com

[my_webservers_group]
foo5.example.com
bar6.example.com

[my_dbservers_group]
onedb1.example.com
twodb.example.com

#Example of a server alias on standard Ansible port
my_local_defined_hostname ansible_host=192.0.2.50

#Example of a server alias on a non standard Ansible port

my_jumper_server_alias ansible_host=192.0.2.50 ansible_port=5555 

</source>

You can also read Ansible best practices<ref>http://docs.ansible.com/ansible/latest/user_guide/playbooks_best_practices.html</ref>

'''Basic operations with your inventory:'''
* List managed hosts:
:: <code> ansible all --list-hosts</code>
:: <code> ansible YOUR_GROUP --list-hosts</code>
:: <code> ansible-inventory --graph </code> 
:: <code> ansible-inventory --list </code>
:: To filter just one group of host: <code>ansible-inventory --list | jq '.["YOUR_GROUP_NAME"]' </code>

* List defined groups
::<code>ansible localhost -m debug -a 'var=groups.keys()'</code>
::<code>ansible localhost -m debug -a 'var=groups'</code>

== Basic Ansible operations ==
* Connect to remote host and verify python, it will not do a network ping to remote host, connect to host and test python:
:: <code>ansible HOSTNAME -m ping</code> (-m parameter stands for module)<ref>https://docs.ansible.com/ansible/2.5/modules/ping_module.html</ref>

* Execute "uptime" in HOSTNAME:
::  <code>ansible HOSTNAME -a "uptime"</code>  (-a module arguments, in this case command to execute)

* Connect to HOSTNAME and execute uptime command with <code>raw</code> module, <code>raw</code> module do not need python. 
:: <code>ansible HOSTNAME -m raw -a uptime</code>

* Execute "echo hello" in all your managed nodes:
::  <code>ansible all -a "/bin/echo hello"</code>  (-a expect module arguments)

* Connect and display gathered facts, do not setup anything.
:: <code>ansible all -m setup</code>
:: <code>ansible all -m setup --tree out/</code>

* Execute commands on a machine: 
:: <code>ansible MACHINE_NAME -m shell -a COMMAND</code>

* List available modules: 
:: <code>ansible-doc -l</code>

* Execute a user defined task definition or playbook: 
::<code>ansible-playbook my_new_created_playbook.yml</code>

* Execute a user defined task definition or playbook with command line variables: 
::<code>ansible-playbook my_new_created_playbook.yml -e "YOUR_USERNAME_VAR=YOUR_USERNAME_VALUE"</code>
::: -e: --extra-vars as key=value or YAML/JSON

== Ansible Galaxy (Roles) ==
<code>ansible-galaxy</code><ref>https://docs.ansible.com/ansible/latest/cli/ansible-galaxy.html</ref> to manage roles
* <code>ansible-galaxy init <ROLE_NAME></code>
* <code>ansible-galaxy search YOUR_SEARCH</code>
* <code>ansible-galaxy list</code>
* Installing roles:
** <code>[[ansible-galaxy install]]</code>[[oVirt]].ovirt-ansible-roles<ref>https://github.com/oVirt/ovirt-ansible</ref>
** <code>ansible-galaxy install</code>[[PaloAltoNetworks]].paloaltonetworks

See also: <code>[[import_role]]</code> https://docs.ansible.com/ansible/latest/modules/import_role_module.html#import-role-module

== Features ==
* Support for saving encrypted information (passwords, API Keys ...) in playbooks using Ansible Vault (<code>[[ansible-vault]]</code><ref>https://docs.ansible.com/ansible/latest/user_guide/vault.html</ref>) since 2014

== Ansible tunning/configuration ==
Configuration of ansible is done in <code>/etc/ansible/ansible.cfg</code>, you can tune some configurations. Check official documentation <ref>https://docs.ansible.com/ansible/latest/reference_appendices/config.html#ansible-configuration-settings-locations</ref> or some example configuration file.<ref>https://github.com/opentable/ansible-examples/blob/master/ansible.cfg</ref>.

== Ansible privileges ==
Use <code>become</code><ref>https://docs.ansible.com/ansible/latest/user_guide/become.html</ref> in your playbook and execute with <code>--ask-become-pass</code> parameter.
:Use <code>--ask-pass</code> if you do not have private public key configuration.

<code>vi create_user.yml</code>
<pre>
#!/usr/bin/env ansible-playbook --ask-become-pass

- hosts: REMOTE_SERVER
  become: yes
  tasks:

  - user:
      name: USERNAME
      shell: /bin/bash
      groups: sudo 
      append: yes
      password_lock: yes

  - authorized_key:
      user: USERNAME
      state: present
      key: "{{ lookup('file', '/home/USERNAME/.ssh/id_ed25519_USERNAME.pub') }}"

</pre>

<code>./create_user.yml</code>

See also: [[/Create a new user in a group of servers and provided ssh access using its public ssh key/]]

== Activities ==
Beginner:
# Read how to use Ansible cheatsheet: https://www.digitalocean.com/community/tutorials/how-to-use-ansible-cheat-sheet-guide
# Read Ansible blog: https://www.ansible.com/blog
# Read StackOverflow questions about Ansible: https://stackoverflow.com/questions/tagged/ansible?tab=Votes
# Create your first playbooks:
## [[/Create a new user in a group of servers and provided ssh access using its public ssh key/]]
## [[/Configure user to be able to use sudo with no password/]]
## [[/Add a repository/]] (<code>apt_repository</code> module)
## [[/Use loops in task/]]

Intermediate
# [[Linux server administration/sar/Installing sysstat using Ansible|Install and configure sysstat using Ansible]]
# Modify ssh client Ansible uses to connect: change it from Paramiko to openssh client and modify <code>ControlPersist</code> in <code>ssh_args</code> option. Do it in your <code>ansible.cfg</code> file. (Note than Ansible will use a different <code>ControlPath</code> that your openssh configuration. Default to: <code>~/.ansible/cp</code>)
# Read about Ansible [[/Roles/]] (similar to modules in [[puppet]] and cookbooks in [[Chef]]): https://linuxacademy.com/blog/linux-academy/ansible-roles-explained/: <code>[[/ansible-galaxy/]] init <ROLE_NAME></code>
# Read about Reusable Playbooks: Dynamic vs. Static and Tradeoffs and Pitfalls Between Includes and Imports <ref>https://docs.ansible.com/ansible/latest/user_guide/playbooks_reuse.html?extIdCarryOver=true&sc_cid=701f2000001OH7YAAW#differences-between-static-and-dynamic</ref>

Advanced:
# Increase default <code>forks</code> configuration variable (default configuration is 5 forks) in <code>/etc/ansible/ansible.cfg</code> and verify how your execution time increase or decrease. Use: <ref>https://docs.ansible.com/ansible/latest/reference_appendices/config.html#ansible-configuration-settings-locations</ref>
# Use Ansible [[/ovirt-RHV module/]] (ovirt_vm) to create KVM virtual machines<ref>https://docs.ansible.com/ansible/latest/modules/ovirt_vm_module.html#ovirt-vm-module</ref>
# Read Release Notes: [[Ansible changelog and versions]]: v2.9<ref>https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst</ref>, v2.8<ref>https://github.com/ansible/ansible/blob/stable-2.8/changelogs/CHANGELOG-v2.8.rst</ref>, v2.7<ref>https://github.com/ansible/ansible/blob/stable-2.7/changelogs/CHANGELOG-v2.7.rst</ref>.
# Read Ansible Code: <code>[[git clone]] https://github.com/ansible/ansible.git</code>

== See also ==
* {{IaC}}
* [[/ansible-cmdb/]] <code> $ mkdir out && ansible all -m setup --tree out/ && ansible-cmdb out/ > overview.html</code>
* [[DevOps/SaltStack]]
* [[/lookup/]]
* [[/Playbooks/]], [[/Modules/]], [[Blocks]]<ref>https://docs.ansible.com/ansible/latest/user_guide/playbooks_blocks.html#playbooks-blocks</ref> (since 2016) and [[/Roles/]]
* [[Configuration management]] software: https://en.m.wikipedia.org/wiki/Comparison_of_open-source_configuration_management_software


{{CC license}}
Original Source: https://en.wikiversity.org/wiki/DevOps/Ansible


[[Category:Server administration]]
[[Category:Infrastructure as Code]]